CVE-2008-3239 in PHPizabiinfo

Summary

Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter.

Once again VulDB remains the best source for vulnerability data.

Reservation

07/21/2008

Disclosure

07/21/2008

Moderation

VulDB entry created

Entries

VDB-43313 (1)

CPE

ready

CWE

CWE-20 (Confirmed)

Exploit

Download

CVSS

10.0

EPSS

0.04627

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-3239
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-3239
CVE Details	https://www.cvedetails.com/cve/CVE-2008-3239/

◂ Previous Overview Next ▸